Your comments

What about those that keep everything in-house and do not use the Duo SaaS SSO?

If a user does not receive the Duo push notification on his phone, he cannot login to ScreenConnect using the Passcodes from the Duo app. Why display the "One-time Password" form if you cannot use a Duo Passcode?

Image 1216

Image 1218

What about logging the real, source IP? CC only logs the reverse proxy's IP address even though my reverse proxies (I tested a couple of different ones) are sending the source IP in the headers (i.e. x-forward-for, real-ip, etc). Not very effective if you can't audit the source IP. Many customers put CC behind a WAF or rproxy.

Using the router feature is great if you want or need to use a single IP and have all traffic on port 443 but… After using the router functionality for years and because a previous CWC update killed the router functionality, I reluctantly switched to using one public IP for the web and another public IP for the relay. Doing so still allows me to run all CWC traffic on port 443. The nice thing about keeping the traffic separate is that you can use a web application firewall (WAF) for the web traffic which you cannot do if you use the built-in router. You will most likely be forced to NAT all traffic, as I had to do.

Also, many companies use deep packet inspection and don’t like non-html traffic on port 443. I don’t claim to know what the best solution is; just throwing this out there for consideration.

Been using the router functionality for many years, without issue. Not working with v20.11+.

Please bring back this functionality even if it is not the default.

@mpaul

So you are saying that you can set a bypass code in Duo and use it in the Connectwise Control login process and it works? It does NOT work for me. Are you sure this works for self-hosted installs? Can someone confirm?